sham-link- 旧城等待, 2022-05-09 04:52 117阅读 0赞 sham-link---是在ospf中创建的,所以建立双方的路由必须可达,因为其传递的是vpnv4路由,所以双方建立的地址必须通告进ospf的vpnv4路由中(opsf vrf a中)所以上面把环回接口先关联到vrf空间中,再宣告到bgp的vpnv4中,因为有双向重发布,所以其路由会发布到ospf的vpnv4中-----一定不能这样:关联到vrf空间后,直接宣告到ospf的vpnv4中,\*\*\*这样会出现问题,只能通过BGP的vpnv4宣告 注:----环回地址配置为 24位,sham-link是down------自己测试 32 sham-link是up [http://blog.sina.com.cn/s/blog\_3e15c5360101bovf.html][http_blog.sina.com.cn_s_blog_3e15c5360101bovf.html] ![70][] 实验拓扑图 实验描述:如上图所示,现R2/R3/R4为MPLS 网络,两CE客户需要通过MPLS 骨干网络进行通信,并且CE-R1与CE-R5之间有一条链路作为备份链路,正常情况要,R4至R6的流量通过MPLS 网络走,当MPLS 网络存在故障时,通过R1与R5之间的互联链路走,下面配置OSPF Sham-Link实现上述要求。 **1、首先配置MP-BGP,MPLS,VRF,PE与CE的OSPF路由协议** R2的配置: R2\#show run Building configuration... Current configuration : 2446 bytes ! upgrade fpd auto version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname R2 ! boot-start-marker boot-end-marker ! logging message-counter syslog ! no aaa new-model ip source-route no ip icmp rate-limit unreachable ip cef ! no ip domain lookup ip vrf ccie rd 1:1 route-target export 1:1 route-target import 1:1 ! no ipv6 cef ! multilink bundle-name authenticated mpls label range 100 199 ! memory-size iomem 0 archive log config hidekeys ! ip tcp synwait-time 5 ! interface Loopback0 ip address 2.2.2.2 255.255.255.0 ! interface Loopback1 ip vrf forwarding ccie ip address 100.1.1.1 255.255.255.255 ip ospf network point-to-point ! interface FastEthernet0/0 ip vrf forwarding ccie ip address 12.1.1.2 255.255.255.0 ip ospf 1 area 0 duplex auto speed auto ! interface FastEthernet0/1 ip address 23.1.1.1 255.255.255.0 duplex auto speed auto mpls ip ! interface Serial1/0 no ip address shutdown serial restart-delay 0 ! interface Serial1/1 no ip address shutdown serial restart-delay 0 ! interface Serial1/2 no ip address shutdown serial restart-delay 0 ! interface Serial1/3 no ip address shutdown serial restart-delay 0 ! router eigrp 90 network 2.2.2.2 0.0.0.0 network 23.1.1.1 0.0.0.0 no auto-summary ! router ospf 1 vrf ccie router-id 92.2.2.2 log-adjacency-changes area 0 sham-link 100.1.1.1 100.1.1.2 redistribute bgp 24 subnets network 12.1.1.2 0.0.0.0 area 0 ! router bgp 24 bgp router-id 24.2.2.2 no bgp default ipv4-unicast bgp log-neighbor-changes neighbor 4.4.4.4 remote-as 24 neighbor 4.4.4.4 update-source Loopback0 ! address-family ipv4 neighbor 4.4.4.4 activate no auto-summary no synchronization exit-address-family ! address-family vpnv4 neighbor 4.4.4.4 activate neighbor 4.4.4.4 send-community both exit-address-family ! address-family ipv4 vrf ccie redistribute ospf 1 vrf ccie no synchronization network 100.1.1.1 mask 255.255.255.255 exit-address-family R3配置: R3\#show run Building configuration... Current configuration : 1543 bytes ! upgrade fpd auto version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname R3 ! boot-start-marker boot-end-marker ! logging message-counter syslog ! no aaa new-model ip source-route no ip icmp rate-limit unreachable ip cef ! no ip domain lookup no ipv6 cef ! multilink bundle-name authenticated mpls label range 200 299 ! memory-size iomem 0 archive log config hidekeys ! ip tcp synwait-time 5 ! interface Loopback0 ip address 3.3.3.3 255.255.255.0 ! interface FastEthernet0/0 ip address 23.1.1.2 255.255.255.0 duplex auto speed auto mpls ip ! interface FastEthernet0/1 ip address 34.1.1.1 255.255.255.0 duplex auto speed auto mpls ip ! interface Serial1/0 no ip address shutdown serial restart-delay 0 ! interface Serial1/1 no ip address shutdown serial restart-delay 0 ! interface Serial1/2 no ip address shutdown serial restart-delay 0 ! interface Serial1/3 no ip address shutdown serial restart-delay 0 ! router eigrp 90 network 3.3.3.3 0.0.0.0 network 23.1.1.2 0.0.0.0 network 34.1.1.1 0.0.0.0 no auto-summary R4的配置: R4\#show run Building configuration... Current configuration : 2446 bytes ! upgrade fpd auto version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname R4 ! boot-start-marker boot-end-marker ! logging message-counter syslog ! no aaa new-model ip source-route no ip icmp rate-limit unreachable ip cef ! no ip domain lookup ip vrf ccie rd 1:1 route-target export 1:1 route-target import 1:1 ! no ipv6 cef ! multilink bundle-name authenticated mpls label range 300 399 ! memory-size iomem 0 archive log config hidekeys ! ip tcp synwait-time 5 interface Loopback0 ip address 4.4.4.4 255.255.255.0 ! interface Loopback1 ip vrf forwarding ccie ip address 100.1.1.2 255.255.255.255 ip ospf network point-to-point ! interface FastEthernet0/0 ip address 34.1.1.2 255.255.255.0 duplex auto speed auto mpls ip ! interface FastEthernet0/1 ip vrf forwarding ccie ip address 45.1.1.1 255.255.255.0 ip ospf 1 area 0 duplex auto speed auto ! interface Serial1/0 no ip address shutdown serial restart-delay 0 ! interface Serial1/1 no ip address shutdown serial restart-delay 0 ! interface Serial1/2 no ip address shutdown serial restart-delay 0 ! interface Serial1/3 no ip address shutdown serial restart-delay 0 ! router eigrp 90 network 4.4.4.4 0.0.0.0 network 34.1.1.2 0.0.0.0 no auto-summary ! router ospf 1 vrf ccie router-id 94.4.4.4 log-adjacency-changes area 0 sham-link 100.1.1.2 100.1.1.1 redistribute bgp 24 subnets network 45.1.1.1 0.0.0.0 area 0 ! router bgp 24 bgp router-id 24.4.4.4 no bgp default ipv4-unicast bgp log-neighbor-changes neighbor 2.2.2.2 remote-as 24 neighbor 2.2.2.2 update-source Loopback0 ! address-family ipv4 neighbor 2.2.2.2 activate no auto-summary no synchronization exit-address-family ! address-family vpnv4 neighbor 2.2.2.2 activate neighbor 2.2.2.2 send-community both exit-address-family ! address-family ipv4 vrf ccie redistribute ospf 1 vrf ccie no synchronization network 100.1.1.2 mask 255.255.255.255 exit-address-family ! **2、CE端路由情况分析** **(1)CE配置** R1配置 R1\#show run Building configuration... Current configuration : 1562 bytes ! upgrade fpd auto version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname R1 ! boot-start-marker boot-end-marker ! logging message-counter syslog ! no aaa new-model ip source-route no ip icmp rate-limit unreachable ip cef ! no ip domain lookup no ipv6 cef ! multilink bundle-name authenticated ! memory-size iomem 0 archive log config hidekeys ! ip tcp synwait-time 5 ! interface Loopback0 ip address 1.1.1.1 255.255.255.0 ! interface FastEthernet0/0 ip address 15.1.1.2 255.255.255.0 ip ospf cost 10 duplex auto speed auto ! interface FastEthernet0/1 ip address 12.1.1.1 255.255.255.0 duplex auto speed auto ! interface Serial1/0 no ip address shutdown serial restart-delay 0 ! interface Serial1/1 no ip address shutdown serial restart-delay 0 ! interface Serial1/2 no ip address shutdown serial restart-delay 0 ! interface Serial1/3 no ip address shutdown serial restart-delay 0 ! router ospf 1 router-id 91.1.1.1 log-adjacency-changes network 1.1.1.1 0.0.0.0 area 0 network 12.1.1.1 0.0.0.0 area 0 network 15.1.1.2 0.0.0.0 area 0 ! R5配置 R5\#show run Building configuration... Current configuration : 1562 bytes ! upgrade fpd auto version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname R5 ! boot-start-marker boot-end-marker ! logging message-counter syslog ! no aaa new-model ip source-route no ip icmp rate-limit unreachable ip cef ! no ip domain lookup no ipv6 cef ! multilink bundle-name authenticated ! memory-size iomem 0 archive log config hidekeys ! ip tcp synwait-time 5 ! interface Loopback0 ip address 5.5.5.5 255.255.255.0 ! interface FastEthernet0/0 ip address 45.1.1.2 255.255.255.0 duplex auto speed auto ! interface FastEthernet0/1 ip address 15.1.1.1 255.255.255.0 ip ospf cost 10 duplex auto speed auto ! interface Serial1/0 no ip address shutdown serial restart-delay 0 ! interface Serial1/1 no ip address shutdown serial restart-delay 0 ! interface Serial1/2 no ip address shutdown serial restart-delay 0 ! interface Serial1/3 no ip address shutdown serial restart-delay 0 ! router ospf 1 router-id 95.5.5.5 log-adjacency-changes network 5.5.5.5 0.0.0.0 area 0 network 15.1.1.1 0.0.0.0 area 0 network 45.1.1.2 0.0.0.0 area 0 ! (3)查看CE端路由情况 R1\#show ip route Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, \* - candidate default, U - per-user static route o - ODR, P - periodic downloaded static route Gateway of last resort is not set 1.0.0.0/24 is subnetted, 1 subnets C 1.1.1.0 is directly connected, Loopback0 100.0.0.0/32 is subnetted, 2 subnets O E2 100.1.1.1 \[110/1\] via 12.1.1.2, 00:09:52, FastEthernet0/1 O E2 100.1.1.2 \[110/1\] via 12.1.1.2, 00:08:22, FastEthernet0/1 5.0.0.0/32 is subnetted, 1 subnets O 5.5.5.5 \[110/4\] via 12.1.1.2, 00:08:16, FastEthernet0/1 12.0.0.0/24 is subnetted, 1 subnets C 12.1.1.0 is directly connected, FastEthernet0/1 45.0.0.0/24 is subnetted, 1 subnets O 45.1.1.0 \[110/3\] via 12.1.1.2, 00:08:16, FastEthernet0/1 15.0.0.0/24 is subnetted, 1 subnets C 15.1.1.0 is directly connected, FastEthernet0/0 从CE-R1看到5.5.5.5路由为区域内路由,是由于CE-R4与CE-R6之间互联的线路运行OSPF,并且在区域1中,而从MPLS 骨干网络中传过来的5.5.5.5路由为区域间路由;而OSPF的选路原则是区域内路由优于区域间路由; 在PE-R2上查看VPNV4路由,也可以看到5.5.5.5的路由,下一跳指向的是PE-R4,如下: R2\#show ip bgp vpnv4 all BGP table version is 21, local router ID is 24.2.2.2 Status codes: s suppressed, d damped, h history, \* valid, > best, i - internal, r RIB-failure, S Stale Origin codes: i - IGP, e - EGP, ? - incomplete Network Next Hop Metric LocPrf Weight Path Route Distinguisher: 1:1 (default for vrf ccie) \*> 1.1.1.1/32 12.1.1.1 2 32768 ? r>i5.5.5.5/32 4.4.4.4 2 100 0 ? \*> 12.1.1.0/24 0.0.0.0 0 32768 ? \* i15.1.1.0/24 4.4.4.4 11 100 0 ? \*> 12.1.1.1 11 32768 ? r>i45.1.1.0/24 4.4.4.4 0 100 0 ? \*> 100.1.1.1/32 0.0.0.0 0 32768 i \*>i100.1.1.2/32 4.4.4.4 0 100 0 i R2\#show ip route vrf ccie Routing Table: ccie Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, \* - candidate default, U - per-user static route o - ODR, P - periodic downloaded static route Gateway of last resort is not set 1.0.0.0/32 is subnetted, 1 subnets O 1.1.1.1 \[110/2\] via 12.1.1.1, 00:14:42, FastEthernet0/0 100.0.0.0/32 is subnetted, 2 subnets C 100.1.1.1 is directly connected, Loopback1 B 100.1.1.2 \[200/0\] via 4.4.4.4, 00:13:12 5.0.0.0/32 is subnetted, 1 subnets O 5.5.5.5 \[110/3\] via 4.4.4.4, 00:13:06 12.0.0.0/24 is subnetted, 1 subnets C 12.1.1.0 is directly connected, FastEthernet0/0 45.0.0.0/24 is subnetted, 1 subnets O 45.1.1.0 \[110/2\] via 4.4.4.4, 00:13:06 15.0.0.0/24 is subnetted, 1 subnets O 15.1.1.0 \[110/11\] via 12.1.1.1, 00:14:34, FastEthernet0/0 当将CE-R1与CE-R5互联的线路shutdown后,查看R4的路由如下: R1(config)\#int fa0/0 R1(config-if)\#shutdown R1\#show ip route 1.0.0.0/24 is subnetted, 1 subnets C 1.1.1.0 is directly connected, Loopback0 100.0.0.0/32 is subnetted, 2 subnets O E2 100.1.1.1 \[110/1\] via 12.1.1.2, 00:00:04, FastEthernet0/1 O E2 100.1.1.2 \[110/1\] via 12.1.1.2, 00:00:04, FastEthernet0/1 ** 5.0.0.0/32 is subnetted, 1 subnets O 5.5.5.5 \[110/4\] via 12.1.1.2, 00:00:04, FastEthernet0/1** 12.0.0.0/24 is subnetted, 1 subnets C 12.1.1.0 is directly connected, FastEthernet0/1 45.0.0.0/24 is subnetted, 1 subnets O 45.1.1.0 \[110/3\] via 12.1.1.2, 00:00:04, FastEthernet0/1 15.0.0.0/24 is subnetted, 1 subnets O 15.1.1.0 \[110/13\] via 12.1.1.2, 00:00:04, FastEthernet0/1 现在看到的路由是区域间路由,是PE-R2传过来的,为实现网络的可靠性,正常情况下,R1与R5之间的链路是备份线路,平时数据通过MPLS 传递,为实现上述R4路由输出情况,现在在PE路由器之间配置Sham-Link实现两CE端日常数据通过MPLS 网络传递,当MPLS 网络出现故障时,数据流量切换至R4与R6的互联线路,以便不影响两CE端的互访。 **3、Sham-Link配置** 部署: 1.在PE端创建接口,划入VRF中 R2\#show run interface loopback 1 Building configuration... Current configuration : 121 bytes ! interface Loopback1 ip vrf forwarding ccie ip address 100.1.1.1 255.255.255.255 ip ospf network point-to-point end 2.将接口路由通告进入MP-BGP VRF中 R2\#show run | s router bgp router bgp 24 bgp router-id 24.2.2.2 no bgp default ipv4-unicast bgp log-neighbor-changes neighbor 4.4.4.4 remote-as 24 neighbor 4.4.4.4 update-source Loopback0 ! address-family ipv4 neighbor 4.4.4.4 activate no auto-summary no synchronization exit-address-family ! address-family vpnv4 neighbor 4.4.4.4 activate neighbor 4.4.4.4 send-community both exit-address-family ! address-family ipv4 vrf ccie redistribute ospf 1 vrf ccie no synchronization network 100.1.1.1 mask 255.255.255.255 exit-address-family 3.在PE两端启用sham-link 通告进入0区域 R2\#show run | s router os router ospf 1 vrf ccie router-id 92.2.2.2 log-adjacency-changes area 0 sham-link 100.1.1.1 100.1.1.2 redistribute bgp 24 subnets network 12.1.1.2 0.0.0.0 area 0 查看sham-link建立的OSPF邻 查看其邻居是否建立成功,可用show ip ospf neighbor或者show ip ospf sham-link R2\#show ip ospf neighbor Neighbor ID Pri State Dead Time Address Interface 94.4.4.4 0 FULL/ - - 100.1.1.2 OSPF\_SL0 91.1.1.1 1 FULL/BDR 00:00:35 12.1.1.1 FastEthernet0/0 R2\#show ip ospf sham-links Sham Link OSPF\_SL0 to address 100.1.1.2 is up Area 0 source address 100.1.1.1 Run as demand circuit DoNotAge LSA allowed. Cost of using 1 State POINT\_TO\_POINT, Timer intervals configured, Hello 10, Dead 40, Wait 40, Hello due in 00:00:08 Adjacency State FULL (Hello suppressed) Index 2/2, retransmission queue length 0, number of retransmission 0 First 0x0(0)/0x0(0) Next 0x0(0)/0x0(0) Last retransmission scan length is 0, maximum is 0 Last retransmission scan time is 0 msec, maximum is 0 msec **4、Sham-link配置分析及结果分析** R1\#show ip route 5.5.5.5 Routing entry for 5.5.5.5/32 Known via "ospf 1", distance 110, metric 4, type intra area Last update from 12.1.1.2 on FastEthernet0/1, 00:02:12 ago Routing Descriptor Blocks: \* 12.1.1.2, from 95.5.5.5, 00:02:12 ago, via FastEthernet0/1 Route metric is 4, traffic share count is 1 查看R2上的bgp vpnv4 5.5.5.5的路由情况 R2\#show ip bgp vpnv4 all 5.5.5.5 BGP routing table entry for 1:1:5.5.5.5/32, version 20 Paths: (1 available, best \#1, table ccie, RIB-failure(17)) Not advertised to any peer Local 4.4.4.4 (metric 158720) from 4.4.4.4 (24.4.4.4) Origin incomplete, metric 2, localpref 100, valid, internal, best Extended Community: RT:1:1 OSPF DOMAIN ID:0x0005:0x000000010200 OSPF RT:0.0.0.0:2:0 OSPF ROUTER ID:94.4.4.4:0 mpls labels in/out nolabel/304 从上述路由输出分析可知,R1直接传给R5(之间互联线路)的5.5.5.5的路由,其OSPF开销值为4;而从MPLS 网络经PE-R2传至PE-R4的5.5.5.5路由的开销值为2。 要想实现两CE端互访通过MPLS 网络,可以修改COST值来实现,现修改R4与R6互联接口的ospf cost值; R1(config)\#int fa0/1 R41config-if)\#ip ospf cost 10 将其cost值设置大于通过MPLS 的cost值 R5(config)\#int fa0/1 R5(config-if)\#ip ospf cost 10 现在R4上查看路由表情况 R1\#show ip route Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, \* - candidate default, U - per-user static route o - ODR, P - periodic downloaded static route Gateway of last resort is not set 1.0.0.0/24 is subnetted, 1 subnets C 1.1.1.0 is directly connected, Loopback0 100.0.0.0/32 is subnetted, 2 subnets O E2 100.1.1.1 \[110/1\] via 12.1.1.2, 00:05:18, FastEthernet0/1 O E2 100.1.1.2 \[110/1\] via 12.1.1.2, 00:05:18, FastEthernet0/1 5.0.0.0/32 is subnetted, 1 subnets O 5.5.5.5 \[110/4\] via 12.1.1.2, 00:05:18, FastEthernet0/1 12.0.0.0/24 is subnetted, 1 subnets C 12.1.1.0 is directly connected, FastEthernet0/1 45.0.0.0/24 is subnetted, 1 subnets O 45.1.1.0 \[110/3\] via 12.1.1.2, 00:05:18, FastEthernet0/1 15.0.0.0/24 is subnetted, 1 subnets C 15.1.1.0 is directly connected, FastEthernet0/0 测试: R5\#traceroute Protocol \[ip\]: Target IP address: 1.1.1.1 Source address: 5.5.5.5 Numeric display \[n\]: Timeout in seconds \[3\]: Probe count \[3\]: Minimum Time to Live \[1\]: Maximum Time to Live \[30\]: Port Number \[33434\]: Loose, Strict, Record, Timestamp, Verbose\[none\]: Type escape sequence to abort. Tracing the route to 1.1.1.1 1 45.1.1.1 48 msec 20 msec 20 msec 2 34.1.1.1 \[MPLS: Labels 200/107 Exp 0\] 84 msec 84 msec 80 msec 3 12.1.1.2 \[MPLS: Label 107 Exp 0\] 56 msec 52 msec 64 msec 4 12.1.1.1 96 msec 80 msec 84 msec //107为MP-BGP分配的内层标签 **5、总结** 配置sham-link时要根据CE端备份链路所在区域来配置所属区域,如果配置其它区域,该PE发布的至CE端路由将会变成区域间路由,优先级低于区域内路由,因此需要将sham-link配置与备份链路所属区域在同一区域中。如果两CE端没有备份链路,也就不需要配置sham-link链路了。 在调整CE端的选路时,需要根据sham-link配置的COST值及备份链路的接口cost值来完成。 [http_blog.sina.com.cn_s_blog_3e15c5360101bovf.html]: http://blog.sina.com.cn/s/blog_3e15c5360101bovf.html [70]: /images/20220509/c8abf5e2bc7e4836b15eb333c4c62fd3.png
还没有评论,来说两句吧...